https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813726#M983105 <HTML><HEAD></HEAD><BODY><P>"Ip verify reverse path" checks two things:</P><P>1. is a route present for that specific source?</P><P>2. is the packet&nbsp; comming on the right interface?</P><P></P><P>I would suggest to check the routing to exclude possible assymetic routing issues. If everything looks alright then it might be a real spoofing attack.</P><P></P><P>HTH</P></BODY></HTML> Sun, 09 Sep 2012 17:22:11 GMT oszkari 2012-09-09T17:22:11Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813720#M983002 <P>Hi I get following message from PIX ver 7.0:</P><P>PIX-1-106021: Deny TCP reverse path check from 192.168.0.150 to 192.168.0.250 on interface dmz</P><P></P><P>106021: Someone is attempting to spoof an IP address on an inbound connection. Unicast Reverse Path Forwarding (Unicast RPF), also known as reverse route lookup, detected a packet that does not have a source address represented by a route and assumes that it is part of an attack on your firewall. </P><P></P><P></P><P>but extraly, we have virtual ip with netscaler in the dmz, then do <A class="jive-link-custom" href="http://virtual" target="_blank">http://virtual</A> ip address, from 192.168.0.150, phisical server ip is 192.168.0.250. How to fix or disable Unicast Reverse Path Forwarding? if disable, what is happend?</P><P></P><P>Thanks</P><P></P><P>ben</P><P></P> Mon, 11 Mar 2019 10:52:55 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813720#M983002 bma 2019-03-11T10:52:55Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813721#M983035 <HTML><HEAD></HEAD><BODY><P>look for the following command in your config:</P><P>ip verify reverse-path interface ....</P><P></P><P>Although, it'd be best to figure out what was causing the log message. Basically the message means the dmz interface received a packet with the source address matching a known inside network address.</P></BODY></HTML> Thu, 02 Aug 2007 21:40:53 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813721#M983035 srue 2007-08-02T21:40:53Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813722#M983064 <HTML><HEAD></HEAD><BODY><P>Thanks</P><P></P><P>Because issue, people cannot access web server with virtual address. </P><P>What should be impacted if disable ip verify reverse-path?</P><P></P><P>ben</P></BODY></HTML> Thu, 02 Aug 2007 22:24:08 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813722#M983064 bma 2007-08-02T22:24:08Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813723#M983076 <HTML><HEAD></HEAD><BODY><P>its intended as a security feature to prevent address spoofing.</P><P>should be no impact if you disable it. </P></BODY></HTML> Fri, 03 Aug 2007 02:55:39 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813723#M983076 srue 2007-08-03T02:55:39Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813724#M983087 <HTML><HEAD></HEAD><BODY><P>hi, </P><P></P><P>Try adding a static route to the source IP towards the interface through which it comes. so that a route is present for that IP.</P><P></P><P>Sony</P></BODY></HTML> Tue, 27 Sep 2011 07:10:31 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813724#M983087 sonybabu2k1 2011-09-27T07:10:31Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813725#M983097 <HTML><HEAD></HEAD><BODY><P>Guys,</P><P></P><P>Need a serious help for this antispoofing issue :</P><P></P><P>Sep&nbsp; 6 14:19:42 vrd-swi-asa-01-pri %ASA-6-302013: Built inbound TCP&nbsp; connection 25447904 for IP-PBX-WAN:10.98.2.12/49383 (10.98.2.12/49383)&nbsp; to Mitel-Front:172.20.128.5/7011 (172.20.128.5/7011)</P><P>Sep&nbsp; 6 14:19:42 vrd-swi-asa-01-pri %ASA-6-302014: Teardown TCP&nbsp; connection 25447903 for IP-PBX-WAN:10.98.2.12/49382 to&nbsp; Mitel-Front:172.20.128.5/7011 duration 0:00:00 bytes 6845 TCP FINs</P><P>Sep&nbsp; 6 15:09:38 vrd-swi-asa-01-pri %ASA-1-106021: Deny TCP reverse path check from 10.98.2.12 to 172.40.0.1 on interface Corp-WAN</P><P>Sep&nbsp; 6 15:09:38 vrd-swi-asa-01-pri %ASA-1-106021: Deny TCP reverse path check from 10.98.2.12 to 172.40.0.1 on interface Corp-WAN</P><P></P><P></P><P>These are the logs of my WAN firewall..Problem here is traffic originating from 10.98.2.12 when hitting to 172.40.0.1 is getting denied, while hitting to any other destination is allowed.</P><P>I think "ip verify reverse path" check the source IP is coming from correct interface or not, here it is coming from IP-PBX-WAN for all other traffic but why not for 172.40.0.1 ?</P><P>Please suggest. <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Fri, 07 Sep 2012 07:57:35 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813725#M983097 vipulagrawal 2012-09-07T07:57:35Z https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813726#M983105 <HTML><HEAD></HEAD><BODY><P>"Ip verify reverse path" checks two things:</P><P>1. is a route present for that specific source?</P><P>2. is the packet&nbsp; comming on the right interface?</P><P></P><P>I would suggest to check the routing to exclude possible assymetic routing issues. If everything looks alright then it might be a real spoofing attack.</P><P></P><P>HTH</P></BODY></HTML> Sun, 09 Sep 2012 17:22:11 GMT https://community.cisco.com/t5/network-security/deny-tcp-reverse-path-check/m-p/813726#M983105 oszkari 2012-09-09T17:22:11Z